#!/bin/bash


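# Turn SELinux off: persistently through /etc/selinux/config, and for the
# running system through setenforce.
# NOTE(review): this removes mandatory access control from the host. If the aim
# is only to stop denials, SELINUX=permissive keeps the policy loaded and still
# logs what would have been denied.
echo "----关闭selinux----"
sed -i '/^SELINUX=.*/c SELINUX=disabled' /etc/selinux/config
# SELINUXTYPE names the policy to load (targeted, minimum or mls); "disabled" is
# not a policy name. Leave the setting alone, and put back the CentOS default if
# an earlier run of this script wrote the invalid value.
sed -i 's/^SELINUXTYPE=disabled$/SELINUXTYPE=targeted/' /etc/selinux/config
grep --color=auto '^SELINUX' /etc/selinux/config
# setenforce 0 switches the running system to permissive; the config file
# change above only applies from the next boot.
setenforce 0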

sleep 1
echo "----关闭防火墙----"
# Stop firewalld now, then keep it from starting at boot.
# NOTE(review): after this the host does no packet filtering of its own, so
# inbound exposure depends entirely on whatever sits in front of it.
for fw_action in stop disable; do
  systemctl "$fw_action" firewalld
done

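sleep 1
echo "----配置DNS----"
# Put the two resolvers at the top of /etc/resolv.conf.
# The file is rebuilt through a temp file instead of using sed's "1i"/"2i":
# those insert nothing when the file is empty, and they add duplicates on every
# run. An entry that is already present anywhere in the file is left where it is.
# NOTE(review): a network manager may regenerate this file later - TODO confirm
# how DNS is managed on the target hosts.
resolv_conf=/etc/resolv.conf
if dns_tmp=$(mktemp); then
  {
    for dns_server in 223.5.5.5 114.114.114.114; do
      grep -qxF -- "nameserver $dns_server" "$resolv_conf" 2>/dev/null ||
        printf 'nameserver %s\n' "$dns_server"
    done
    cat -- "$resolv_conf" 2>/dev/null
  } > "$dns_tmp"
  # Write back in place so the file keeps its owner and mode.
  cat -- "$dns_tmp" > "$resolv_conf"
  rm -f -- "$dns_tmp"
else
  echo "mktemp failed; $resolv_conf left unchanged" >&2
fi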

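sleep 1
echo "----安装依赖插件----"
# Replace the stock yum repo definitions with the Aliyun mirror ones, then
# install the base tool set.
yum -y install epel-release wget
repo_dir=/etc/yum.repos.d
mkdir -p "$repo_dir/bak"
# The .repo files decide where packages come from and whether their signatures
# are checked, so they are fetched over HTTPS rather than plain HTTP. They are
# staged first: the existing definitions are only moved aside once both
# downloads have succeeded, so a failed download does not leave yum without
# any repository. -O also avoids wget saving "Centos-7.repo.1" on a re-run.
# NOTE(review): HTTPS covers only this download. Check that the fetched files
# keep gpgcheck=1 and reference a gpgkey you trust - TODO confirm.
if repo_stage=$(mktemp -d) &&
  wget https://mirrors.aliyun.com/repo/Centos-7.repo -O "$repo_stage/Centos-7.repo" &&
  wget https://mirrors.aliyun.com/repo/epel-7.repo -O "$repo_stage/epel-7.repo"; then
  for repo_entry in "$repo_dir"/*; do
    # Skip the backup directory itself; it cannot be moved into itself.
    [ "$repo_entry" = "$repo_dir/bak" ] && continue
    [ -e "$repo_entry" ] || continue
    mv -- "$repo_entry" "$repo_dir/bak/"
  done
  # install creates fresh root-owned 0644 files instead of carrying over the
  # attributes of the temp files.
  install -m 0644 -- "$repo_stage"/*.repo "$repo_dir"/
else
  echo "repo download failed; existing files in $repo_dir left in place" >&2
fi
[ -n "${repo_stage:-}" ] && rm -rf -- "$repo_stage"
yum -y install wget vim ntp unzip zip sysstat gcc gcc-c++ make nethogs lsof lrzsz net-tools nmap fping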

sleep 1
echo "----修改时区----"
# One zone name drives both steps: the timedatectl setting and the
# /etc/localtime symlink.
tz_name=Asia/Shanghai
timedatectl set-timezone "$tz_name"
ln -sf "/usr/share/zoneinfo/$tz_name" /etc/localtime

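sleep 1
echo "----可上外网服务器，配置同步时间----"
# Sync the clock once now, then every five minutes from root's crontab.
# NOTE(review): ntpdate steps the clock from a single server without
# authenticating it; log timestamps and certificate validity checks on this
# host follow whatever that server answers.
ntpdate ntp1.aliyun.com
cron_line='*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1'
# Append only when the exact entry is missing, so a re-run does not stack
# duplicate jobs in root's crontab.
grep -qxF -- "$cron_line" /var/spool/cron/root 2>/dev/null ||
  printf '%s\n' "$cron_line" >> /var/spool/cron/root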

# Banner only: the steps that follow raise process and file limits; no TCP
# parameter is written here.
echo "----优化tcp连接数----"

sleep 1
echo "----用户可用的最大进程数量----"
# Append soft and hard nproc/nofile limits of 655360 for every account ("*").
# printf repeats its format once per argument, giving one limits.conf line each.
printf '* %s 655360\n' 'soft nproc' 'hard nproc' 'soft nofile' 'hard nofile' \
  >> /etc/security/limits.conf

sleep 1
echo "----Linux最大进程数最大进程数量----"
# Append "unlimited" soft and hard nproc entries for every account ("*").
# NOTE(review): with no per-user process cap, one runaway or hostile account
# can exhaust the process table. This also differs from the 655360 nproc value
# this script writes to limits.conf; presumably the limits.d entry wins -
# confirm against pam_limits on the target.
printf '* %s nproc unlimited\n' soft hard >> /etc/security/limits.d/20-nproc.conf

sleep 1
echo "----Linux系统所有进程共计可以打开的文件数量----"
# Append the system-wide open-file ceiling. This step only writes the file;
# it does not load the value into the running kernel.
echo 'fs.file-max = 655350' >> /etc/sysctl.conf

sleep 1
echo "----用户登录系统后打开文件数量----"
# Every shell that reads /etc/profile sets its hard and soft open-file limit
# to 655350.
echo 'ulimit -HSn 655350' >> /etc/profile

sleep 1
echo "----配置ssh禁用反向解析----"
# Append UseDNS=no to the sshd configuration.
# NOTE(review): sshd keeps the first value it reads for a keyword, so this
# appended line only takes effect when no earlier uncommented UseDNS line
# exists in the file - verify on the target.
printf '%s\n' 'UseDNS=no' >> /etc/ssh/sshd_config

sleep 1
echo "----配置ssh-server侦听端口----"
# Append "Port 22". Port may be given more than once and sshd listens on each,
# so this adds 22 to any ports already configured instead of replacing them.
printf '%s\n' 'Port 22' >> /etc/ssh/sshd_config

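sleep 1
# Disabled step. NOTE(review): its banner says "allow ssh remote login with a
# password", but the directive below it would forbid root login; fix the label
# before re-enabling it.
#echo "----allow ssh remote login with a password----"
#echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
# Check the edited configuration before restarting: restarting sshd on a file
# it cannot parse can leave the host with no SSH access.
if /usr/sbin/sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; sshd not restarted" >&2
fi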

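sleep 1
echo "----设置ssh----"
echo "----20分钟登录无操作退出,服务器120秒心跳包测试客户端----"
# Idle shells exit after 1200 seconds.
# NOTE(review): TMOUT is exported but not readonly, so a user can unset or
# change it in their own session.
echo 'export TMOUT=1200' >> /etc/profile
# Only affects this script's own shell; new logins read /etc/profile themselves.
source /etc/profile
# sshd probes the client every 120 seconds and drops the session after 3
# unanswered probes.
printf '%s\n' 'ClientAliveInterval 120' 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config
# Check the edited configuration before restarting: restarting sshd on a file
# it cannot parse can leave the host with no SSH access.
if /usr/sbin/sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; sshd not restarted" >&2
fi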

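sleep 1
echo "----设置用户登录记录----"
# Install an sshrc hook that appends user, client IP and login time to
# /var/log/sshd/sshlogin.log at each SSH login.
# NOTE(review): the hook runs as the user who is logging in and that user can
# write the file, so treat this as a convenience record, not an audit trail;
# sshd's own authentication log is the authoritative source. A per-user
# ~/.ssh/rc is run instead of /etc/ssh/sshrc unless sshd_config sets
# PermitUserRC no. With an sshrc in place, xauth handling for X11 forwarding
# is presumably left to this script - confirm if X11 forwarding is used.
# The hook is appended only when it is not already there, so re-runs do not
# log every login several times.
if ! grep -qF 'loginFile="/var/log/sshd/sshlogin.log"' /etc/ssh/sshrc 2>/dev/null; then
  cat >> /etc/ssh/sshrc << 'SSHRC'
#!/bin/bash
loginFile="/var/log/sshd/sshlogin.log"
user=$USER
ip=${SSH_CLIENT%% *}
#if [ "$user" != "root" ] || [ "$ip" != "192.168.31.88" ]
 #then
echo "LoginUser:"$user"--IP:"$ip"--LoginTime:"`date "+%Y-%m-%d %H:%M:%S"` >> "$loginFile";
#fi
SSHRC
fi
# -p: do not fail when the directory already exists.
mkdir -p /var/log/sshd
touch /var/log/sshd/sshlogin.log
# Directory writable by root only: other accounts cannot delete or rename the
# log, or swap it for a symlink.
chmod 755 /var/log/sshd
# The file itself has to stay writable by every account because the hook runs
# as the login user. Write-only for others (0622) also works if only root
# reads the log.
chmod 666 /var/log/sshd/sshlogin.log
chmod +x /etc/ssh/sshrc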

sleep 1
# Disabled banner: "----command history, with timestamps----"
#echo "----command history, with timestamps----"
# The backquoted whoami sits inside double quotes in the profile line, so it is
# evaluated when /etc/profile is read and the user name is stored in the
# history time format.
printf '%s\n' 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
# Only affects this script's own shell; new logins read /etc/profile themselves.
. /etc/profile



